A. Mustafa

Smart electric vehicle charging: Security analysis

This paper provides a comprehensive security analysis of the Electric Vehicle (EV) charging service in Smart Grid (SG) environment (i.e. the “smart” EV charging application). It first describes three EV charging scenarios, at home, at work and at public places. Based on these use-case scenarios, the paper presents a model for smart EV charging, consisted of application entities and interactions among them. It then illustrates potential message types communicated among these entities. Based on this model and the exchanged messages, the paper analyses security problems and potential security threats imposed on the entities, which leads to the specification of a set of security and privacy requirements. These requirements could be used to guide the future design of solutions for secure smart EV charging systems and/or a risk/impact assessment of such systems.

Toward Unified Security and Privacy Protection for Smart Meter Networks

The management of security and privacy protection mechanisms is one fundamental issue of future smart grid (SG) and metering networks. Designing effective and economical measures is a nontrivial task due to the following: 1) the large number of system requirements; and 2) the uncertainty over how the system functionalities are going to be specified and to evolve. This paper explores a unified approach for addressing security and privacy of smart metering (SM) systems. In the process, we present a unified framework that entails the analysis and synthesis of security solutions associated with closely interrelated components of a typical SM system. Ultimately, the proposed framework can be used as a guideline for embedding cross-domain security and privacy solutions into SG communication systems.

An Implementation of a High Assurance Smart Meter Using Protected Module Architectures

Due to ongoing changes in the power grid towards decentralised and highly volatile energy production, smart electricity meters are required to provide fine-grained measurement and timely remote access to consumption and production data. This enables flexible tariffing and dynamic load optimisation. As the power grid forms part of the critical infrastructure of our society, increasing the resilience of the grid’s software components against failures and attacks is vitally important.

High Assurance Smart Metering

This paper describes a high assurance architecture for smart metering. Hacking the smart metering infrastructure can have an enormous physical impact, therefore, it is essential that the components in this architecture are proven to be secure. In order for components to be verifiable, however, they need to be sufficiently simple. In this paper, we map the functionalities and different software modules of a smart meter to a minimal number of physical components in order to obtain a cost-effective and secure smart meter. The resulting smart meter contains seven physical components: a clock, a metrology component, a display, an off-switch, memory and two processors. It contains six main software modules: a communications module, a computations module, a credit balance module and three separate security modules, one of which is implemented on the second processor. Finally, there are six strongly separated memory segments: three for log files, one for the tariffs, one for the credit balance and one containing the operational parameters.

A local electricity trading market: Security analysis

This paper proposes a local electricity trading market and provides a comprehensive security analysis of this market. It first presents a market for electricity trading among individual users, and describes the different entities and the interactions among them. Based on this market model and the interactions, the paper analyses security problems and potential privacy threats imposed on users, which leads to the specification of a set of security and privacy requirements. These requirements can be used to guide the future design of secure local electricity trading markets or to perform a risk assessment of such markets.

An MPC-Based Privacy-Preserving Protocol for a Local Electricity Trading Market

This paper proposes a decentralised and privacy-preserving local electricity trading market. The market employs a bidding protocol based on secure multiparty computation and allows users to trade their excess electricity among themselves. The bid selection and trading price calculation are performed in a decentralised and privacy-preserving manner. We implemented the market in C++ and tested its performance with realistic data sets. Our simulation results show that the market tasks can be performed for 2500 bids in less than four minutes in the “online” phase, showing its feasibility for a typical electricity trading period.

SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision

We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrifising their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision.

A Privacy-Preserving Remote Healthcare System Offering End-to-End Security

Remote healthcare systems help doctors diagnose, monitor and treat chronic diseases by collecting data from Implantable Medical Devices (IMDs) through base stations that are often located in the patients’ house. In the future, these systems may also support bidirectional communication, allowing remote reprogramming of IMDs. As sensitive medical data and commands to modify the IMD’s settings will be sent wirelessly, strong security and privacy mechanisms must be deployed.